![]() ![]() I apologise for that, but there’s little else that I can do until Apple recognises this as a bug and fixes it. That’s too much for SilentKnight to cope with, I’m afraid, so you’ll need to look at the full detail in the scrolling text view in the lower part of the window, where each result is given in your chosen language. This is because the command tool used by SilentKnight to obtain that information returns the answer in any one of the dozens of languages supported by macOS. However, that doesn’t hold true if it’s using a different language. If your Mac is working in the English language, then the indication given there should be reliable. SilentKnight checks this, and should report that the SSV is enabled together with its SIP status. If you’re running Big Sur or Monterey, it’s important that your Mac has booted from a signed and sealed System volume, the SSV. If that doesn’t enable your Mac to bring its security data files up to date, and you’re running macOS Catalina or earlier, you may need to reinstall macOS to see if that fixes it. If that box isn’t ticked, those updates could get blocked. You don’t need to download them when available, and it’s up to you if you want your Mac to install system data files and security updates, but at least checking for updates is important. One useful trick which can often enable these updates is to open the Software Update pane, click on its Advanced… button, and ensure that it’s set to check for updates. There are some old bugs which can cause this, and can block even SilentKnight from detecting updates which your Mac needs as soon as possible. ![]() ![]() Occasionally, the first time someone runs SilentKnight it reveals that Mac hasn’t installed any security data updates for a long time. When you have done so, restart and check that SilentKnight reports that XProtect is enabled. Be careful with those commands: the hyphens before enable and global-enable aren’t long dashes, but two separate hyphens. Which requires you to authenticate using your admin password. You may be able to fix this using the commandīut chances are that you will instead need to invoke If it’s disabled, when using LockRattler you could instead see an error, such as ![]() Open SilentKnight and check that it states XProtect enabled. These checks don’t just apply to fresh downloads: every time you open a JPEG file, for example, XProtect takes a quick look to see whether it might be malicious.Īs you don’t have to enter Recovery mode to do so, it’s comparatively easy to turn XProtect’s checks off, although I can’t think why anyone would want to do so: if you have to turn it off in order to open a file, then you should ask yourself whether you should be opening that file at all!ĭisabling XProtect leaves your Mac vulnerable to malware. XProtect is the only free built-in tool to check for many common types of malware. Although it does get in the way at times, it’s there to protect. This still applies to Big Sur and Monterey, with their protected System volumes, as SIP is essential for protecting system and other important files on your Data volume too. If you ever do need to disable SIP, do yourself a favour and put a sticky note on your Mac’s display to remind you to turn it back on. Once that’s done, restart in normal mode, and run SilentKnight again, to check that item reports correctly To enable SIP, restart in Recovery mode, open Terminal, and type the following command: Run SilentKnight with SIP disabled, and it will tell you of the problem. Doing so requires you to restart in Recovery mode, enter a command in Terminal there, and restart. You can turn SIP off, something very occasionally needed to perform certain important tasks. This should make it impossible for malware or even out-of-control software to change those protected system files. Since El Capitan, macOS has protected all its system files, even down to standard Mac apps, using System Integrity Protection (SIP). From an initial AppleScript, I developed the first version of LockRattler, released just before that Christmas. At that time, the only way to determine whether SIP was on or off was in Terminal. SilentKnight and its companion command tool silnite originated from LockRattler, which in turn was developed in response to a major security failure in batches of new MacBook Pros shipped in the autumn of 2016 with SIP turned off. I’ll look at them in that order, and add a fourth, whether the SSV is enabled. A steady stream of users discover their Mac is missing some of its critical security protection. Running SilentKnight for the first time can bring surprises. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |